Hi, I am facing a very peculiar problem. Fail2Ban in Plesk is banning Cloudflare/Digital Ocean IPs, due to which the website went down.
Also, the Error Logs in Plesk are showing Digital Ocean IPs as errors. Probably they are getting masked. I remember I did a process in DO where all masked IP addresses started showing the originating IPs in the previous server. I cannot find that online document.
(We use CloudFlare as well)
Thanks.
Heya,
Fail2Ban allows you to whitelist specific IPs or IP ranges using its ignoreip setting.
Edit the Fail2Ban configuration file to whitelist Cloudflare and DigitalOcean IPs.
jail.local file:
ignoreip line:
Replace <cloudflare_ips> and <digitalocean_ips> with the IP ranges, then save the file and restart fail2ban.
Show Real IPs (Unmask IPs) in Plesk Logs
When using Cloudflare or other proxies, the visitor’s real IP gets masked by Cloudflare’s IP. To fix this, you need to configure Plesk and your web server to show the original IPs.
Step 1: Use Cloudflare’s Real IP Module for Nginx or Apache
For Nginx:
ngx_http_realip_module:
Configure Nginx to trust Cloudflare IPs:
Add the following lines to the http block:
Replace the IP ranges with Cloudflare’s list.
Configure Plesk to Show Real IPs
Plesk needs to use the X-Forwarded-For or CF-Connecting-IP headers for logging the real IPs.
Go to Plesk Control Panel:
Apply the changes and restart the web server.
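The following is an added example, not part of the original answer and not code from Fail2Ban, Nginx or Plesk. It models the trust rule behind real-IP restoration (accept CF-Connecting-IP only when the connection comes from a trusted proxy range), finds bans that landed on proxy addresses, and builds the ignoreip value. The function names are hypothetical and the ranges are constructed stand-ins for the lists Cloudflare and your other proxies publish.

```python
import ipaddress

# Constructed stand-ins (RFC 5737 documentation ranges). Replace them with the
# ranges Cloudflare and your other proxies publish.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]


def is_trusted_proxy(ip, trusted=TRUSTED_PROXIES):
    """True if ip belongs to one of the trusted proxy ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in trusted)


def effective_client_ip(peer_ip, cf_connecting_ip, trusted=TRUSTED_PROXIES):
    """Address to log and feed to Fail2Ban for one request.

    The CF-Connecting-IP header is honoured only when the TCP peer is a trusted
    proxy; a direct client can put anything in that header.
    """
    if cf_connecting_ip and is_trusted_proxy(peer_ip, trusted):
        try:
            return str(ipaddress.ip_address(cf_connecting_ip.strip()))
        except ValueError:
            pass  # malformed header: fall back to the peer address
    return peer_ip


def misdirected_bans(banned_ips, trusted=TRUSTED_PROXIES):
    """Banned addresses that are really proxies, i.e. bans that take the site down."""
    return [ip for ip in banned_ips if is_trusted_proxy(ip, trusted)]


def ignoreip_line(trusted=TRUSTED_PROXIES):
    """Value for the ignoreip setting in jail.local (space-separated CIDRs)."""
    return "ignoreip = 127.0.0.1/8 ::1 " + " ".join(str(n) for n in trusted)


if __name__ == "__main__":
    # Constructed sample: (TCP peer, CF-Connecting-IP header or None)
    requests = [("198.51.100.7", "192.0.2.55"), ("192.0.2.99", "10.0.0.1"), ("203.0.113.9", None)]
    for peer, hdr in requests:
        print(peer, "->", effective_client_ip(peer, hdr))
    print(misdirected_bans(["198.51.100.7", "192.0.2.55"]))
    print(ignoreip_line())
```

If ignoreip is set but the logs still record proxy addresses, every visitor arriving through the proxy shares an exempt address and Fail2Ban cannot ban any of them, so the whitelist only protects the site once the real client IP is being logged.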
Heya, @sp1
On top of what’s already been mentioned, you can modify Fail2Ban filters to exclude Cloudflare or DigitalOcean IP ranges. For example, update /etc/fail2ban/filter.d/nginx-http-auth.conf:
Additionally, if you’re using Cloudflare, set up firewall rules to block malicious traffic before it reaches your server. For example:
Hope that this helps!